New Law on Investment Comes into Operation on 1 March 2026
On 11 December 2025, the National Assembly passed the Law on Investment No. 143/2025/QH15 (“Law on Investment 2025“), which would replace the Law on Investment No. 61/2020/QH14. The new Law on Investment 2025 introduces significant changes to Vietnam’s foreign direct investment regime. It came into operation on 1 March 2026.
One of the most significant changes introduced by the Law on Investment 2025 is the sequence by which foreign-invested enterprises can now be established. Whereas under the former law, investors were required to obtain an investment registration certificate (“IRC“) and then incorporate an entity by obtaining the enterprise registration certificate (“ERC“), the Law on Investment 2025 allows for reverse of this sequence.
This reversal now allows an investor to undertake many of the pre-incorporation steps by setting up a company first, such as entering into office leases or hiring employees.
However, investors that embark on the sequence of setting up a company first (ERC) will need to ensure they can satisfy the market access conditions applicable to foreign investors at the time of incorporation.
Law on Artificial Intelligence Takes Effect on 1 March 2026
On 1 March 2026, Vietnam’s Law on Artificial Intelligence (“Law on AI“) took effect, replacing the existing legal provisions related to artificial intelligence (“AI“) under the Law on Digital Technology Industry.
The Law on AI marks Vietnam’s first comprehensive, standalone law governing AI. It draws considerable influence from the European Union’s Artificial Intelligence Act, with much of the concepts lifted from that law. For example:
- It sets out a risk-based classification of AI systems, under which AI systems are classified based on (i) their impact on human rights, safety and security; (ii) the field of use of the system, particularly essential sectors or sectors directly related to the public interest; and (iii) the scope of users and the scale of system’s impact. AI systems will be given a “high-risk”, “medium-risk” or “low risk” classification.
- It regulates responsibilities of various players in the AI value chain, including developers, providers and deployers.
- It introduces broad transparency requirements, especially for systems that interact with humans and generate content. For example, for all AI systems that interact with humans, providers generally must ensure that users can identify when they are interacting with an AI system rather than a human.
The Law on AI also introduces requirements for conformity assessments for high-risk AI systems. It mandates certification by registered or recognised assessment organisations for specific systems set out in a list from the Prime Minister.
Currently, many of the provisions of the Law on AI are still subject to further guidance from the Government. This is likely to take the form of a decree that will be enacted this year.
For more information, click here to read our Legal Update.
Navigating Transparency and Confidentiality under Vietnam’s Draft Amended Law on Access to Information
On 30 January 2026, the Ministry of Justice submitted to the Government the Explanatory Report on the Draft Law on Access to Information (amended) (“Draft Amendment“). The Draft Amendment has been included in the 2026 legislative agenda for consideration by the National Assembly (15th Legislature) at its 9th Session, signalling a renewed policy focus on transparency reforms in Vietnam.
The initiative comes nearly a decade after the 2016 Law on Access to Information (“2016 Law“) operationalised citizens’ constitutional right of access to information under Article 25 of the 2013 Constitution. Since then, its implementation has supported greater administrative transparency and more proactive disclosure by public authorities, alongside increased opportunities for public oversight. However, policy practice and academic discussions, including views raised in scientific workshop materials on improving access to information, suggest that the current framework requires recalibration. In particular, institutional reforms and rapid digitalisation have reshaped how information is created, stored, shared and requested, and have intensified boundary questions between transparency, state secrecy, and the protection of public interests. The Draft Amendment, therefore, appears to go beyond technical revisions and aims to re-balance access and confidentiality in a changing governance and technology landscape.
For more information, click here to read our Legal Update.
New Implementing Decree for the Law on Personal Data Protection (Decree 356/2025/ND-CP) Comes into Force on 1 January 2026
On 1 January 2026, Decree 356/2025/ND‑CP (“Decree 356“), which was passed by the Government on 31 December 2025, came into effect. Decree 356 provides the long-awaited guidance to implement the Law on Personal Data Protection that was passed on 26 June 2025.
Key provisions introduced by Decree 356:
- It sets out a non-exhaustive list of personal data classified as basic personal data and sensitive personal data.
- It regulates the requirements for appointing personal data protection personnel and departments.
- It regulates detailed procedures and forms for the cross-border personal data transfer impact assessment and the personal data processing impact assessment, which need to be prepared and filed to the personal data protection authority.
- It introduces a new service category called “data processing services”. Decree 356 regulates the requirements that providers of these services need to meet, including certifications.
Please note that whilst the information in this Update is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as a substitute for specific professional advice
